System and method of device-to-server registration

ABSTRACT

A device-to-server registration system and method of registering a wireless device with a mediator service responsible for allowing the wireless device to communicate with a back-end service are provided. The device-to-server registration system comprises a device-to-server registration module for communicating with a device administration service of the wireless device and a device registration module of a mediator service for registering a wireless device with the mediator service. The device registration module communicates with the device-to-server registration module. The method comprises the steps of communicating with a device administration service of a wireless device to obtain information pertaining to the mediator service and communicating with a device registration module of the mediator service to register with the mediator service.

This non-provisional application claims the benefit of U.S. ProvisionalApplication No. 60/672,042 filed Apr. 18, 2005, which is herebyincorporated by reference.

The present patent disclosure relates generally to a communicationssystem for providing communications to a plurality of devices andspecifically to a system and method of device-to-server registration.

BACKGROUND

Due to the proliferation of wireless networks, there are a continuallyincreasing number of wireless devices in use today. These devicesinclude mobile telephones, personal digital assistants (PDAs) withwireless communication capabilities, two-way pagers and the like.Concurrently with the increase of available wireless devices, softwareapplications running on such devices have increased their utility. Forexample, the wireless device may include an application that retrieves aweather report for a list of desired cities or an application thatallows a user to shop for groceries. These software applications takeadvantage of the ability to transmit data of the wireless network inorder to provide timely and useful services to users, often in additionto voice communication. However, due to a plethora of different types ofdevices, restricted resources of some devices, and complexity ofdelivering large amounts of data to the devices, developing softwareapplications remains a difficult and time-consuming task.

Currently, devices are configured to communicate with Web servicesthrough Internet-based browsers and/or native applications. Browsershave the advantage of being adaptable to operate on a cross-platformbasis for a variety of different devices, but have a disadvantage ofrequesting pages (screen definitions in HTML) from the Web service,which hinders the persistence of data contained in the screens. Afurther disadvantage of browsers is that the screens are rendered atruntime, which can be resource intensive. Applications for browsers areefficient tools for designing platform independent applications.Accordingly, different runtime environments, regardless of the platform,execute the same application. However, since difference wireless deviceshave different capabilities and form factors, the application may not beexecuted or displayed as desired. Further, browser-based applicationsoften require significant transfer bandwidth to operate efficiently,which may be costly or even unavailable for some wireless devices.

On the other hand, native applications are developed for a specificwireless device platform, thereby providing a relatively optimizedapplication program for a runtime environment running on that platform.However, a platform dependent application introduces several drawbacks,including having to develop multiple versions of the same applicationand being relatively large in size, thereby taxing memory resources ofthe wireless device. Further, application developers need experiencewith programming languages such as Java and C++ to construct such nativeapplications.

Current methods to register a wireless device (WD) with a mediatorservice (MS) usually are based on one of two approaches: pre-configuredmediator or pre-configured application. Pre-configured mediator refersto a system where the mediator service needs to be pre-configured withinformation for the WD, and the mediator initiates the registrationprocess. Pre-configured application refers to a system where anapplication on the WD must be configured with the information requiredto initiate registration, or this information must be provided by theuser.

Disadvantages to the pre-configured mediator include the fact that themediator service must be populated with the information to connect withall devices. One disadvantage is that the mediator service must initiateregistration, but since a wireless device may be off, out-of-coverage,not loaded with appropriate client software, or inaccessible for anyreason, the mediator service may have to try multiple times. If thedevice does not have the client software, the mediator service does notknow how to retry once the device has the client software. If the devicehas an upgraded version of the registration process, due to memory andprocessing restrictions on a WD, it is desirable to limit the amount ofbackwards compatibility code required, and in the situation where themediator initiates registration, the device may need a certain amount ofbackwards compatibility support. Having the device initiate registrationwill put this burden on the MS, which typically has much more resourcesto handle this.

Disadvantages to the pre-configured application include the fact thatthis would require that the application definition would require theidentification information for the MS, or at least have an associatedconfiguration file. Either way of changing the MS identification inorder to switch MS' would require an application or file update. Thiswould cost in either information technology (IT) personnel time orover-the-air (OTA) wireless charges. Alternatively the identificationinformation might be provided by the user. This is less user-friendly,IT personnel has less control over the device, and introduces usererror.

BRIEF DESCRIPTION OF THE DRAWINGS

An embodiment of the patent disclosure will now be described by way ofexample only with reference to the following drawings in which:

FIG. 1 shows in a schematic diagram an example of a network facilitatingwireless component applications;

FIG. 2 shows in a flow diagram an example of a wireless componentapplication communication model;

FIG. 3 shows in a detailed component diagram an example of theapplication gateway shown in FIG. 1;

FIG. 4 shows in an interface diagram an example of a security subsystem;

FIG. 5 shows in an interface diagram an example of the lifecyclesubsystem in greater detail;

FIG. 6 shows in an interface diagram an example of the administrationsubsystem in more detail;

FIG. 7 shows in a component diagram an example of a runtime environmentstructure of the wireless component application;

FIG. 8 shows in a component diagram an example of a device-to-serverregistration environment, in accordance with an embodiment of thepresent patent disclosure;

FIG. 9 shows in a component diagram an example of a device-to-serverregistration system, in accordance with an embodiment of the presentpatent disclosure;

FIG. 10 shows in a flowchart an example of a method of device-to-serverregistration for registering a wireless device with a Web service serverthrough a mediator service, in accordance with an embodiment of thedevice-to-server registration system;

FIG. 11 shows in a flowchart a more detailed example of the method ofdevice-to-server registration, in accordance with an embodiment of thedevice-to-server registration system;

FIG. 12 shows in a sequence diagram an implementation of thedevice-to-service registration system described above, in a generaldefault mediator service case; and

FIG. 13 shows in a sequence diagram another implementation of thedevice-to-service registration system described above, in a dedicatedmediator service case.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

The patent disclosure provides a system and method to authenticate andregister a wireless device (WD) with a mediator service (MS). Themediator service enables the WD to communicate with Service Providers(SP). There are many concepts embodied in. a typical device-serverregistration process. Fundamentally, the WD and the MS need to have someinformation about each other before the system can function in a properand secure way.

In accordance with an embodiment of the present patent disclosure, thereis provided a device-to-server registration system for registering awireless device with a mediator service responsible for allowing thewireless device to communicate with a back-end service. Thedevice-to-server registration system comprises a device-to-serverregistration module for communicating with a device administrationservice of the wireless device, and a device registration module of amediator service for registering a wireless device with the mediatorservice, the device registration module communicating with thedevice-to-server registration module.

In accordance with another embodiment of the present patent disclosure,there is provided a method of device-to-server registration forregistering a wireless device with a mediator service. The methodcomprises the steps of communicating with a device administrationservice of a wireless device to obtain information pertaining to themediator service, and communicating with a device registration module ofthe mediator service to register with the mediator service.

In accordance with another embodiment of the present patent disclosure,there is provided a computer-readable medium storing instructions orstatements for use in the execution in a computer of a method ofdevice-to-server registration for registering a wireless device with amediator service. The method comprises the steps of communicating with adevice administration service of a wireless device to obtain informationpertaining to the mediator service and communicating with a deviceregistration module of the mediator service to register with themediator service.

In accordance with another embodiment of the present patent disclosure,there is provided a propagated signal carrier carrying signalscontaining computer-executable instructions that can be read andexecuted by a computer. The computer-executable instructions are used toexecute a method of device-to-server registration for registering awireless device with a mediator service. The method comprises the stepsof communicating with a device administration service of a wirelessdevice to obtain information pertaining to the mediator service andcommunicating with a device registration module of the mediator serviceto register with the mediator service.

Advantageously, there is only the need for a one-time handshake with themediator service, performed by the device-to-server registration system.Individual applications requiring access through the mediator service donot need to be configured and do not need to perform their ownhandshake/registration process. The information provided by theadministration service may be updated at any time, over-the-air (OTA) orover a wired connection. Session management is simplified for themediator service. Further, the patent disclosure removes the need forany pre-configured information on the mediator service, not only for thewireless device, but for all applications on the wireless devicerequiring access through the mediator service.

A system and method of the present patent disclosure will now bedescribed with reference to various examples of how the embodiments canbest be made and used. For convenience, like reference numerals are usedthroughout the description and several views of the drawings to indicatelike or corresponding parts, wherein the various elements are notnecessarily drawn to scale.

A system and method to authenticate and register a wireless device (WD)with a mediator service (MS) is provided. The mediator service enablesthe WD to communicate with Service Providers (SP). There are manyconcepts embodied in a typical device-server registration process.Fundamentally, the WD and the MS need some information about each otherfor the system to function in a proper and secure way.

The WD needs information regarding:

How to locate the MS.

Where to send service-related messages

What administrative privileges the device-side component of the servicehas.

Encryption keys for the MS, if applicable.

The MS needs information regarding:

How to locate the WD

What version of the device side component is running on the WD

The current status of the WD component(s)

Encryption keys for the WD, if appropriate.

Referring to FIG. 1, an example of a communication infrastructure isillustrated generally by numeral 100. The communication infrastructure100 comprises a plurality of wireless devices 102, a communicationnetwork 104, an application gateway 106, and a plurality of back-endservices (or systems) 108.

The wireless devices 102 are typical personal digital assistants (PDAs),but may include other devices. Each of the wireless devices 102 includesa runtime environment capable of hosting a plurality of componentapplications.

Component applications comprise one or more data components,presentation components, and/or message components, which are written ina structured definition language such as Extensible Markup Language(XML) code. The component applications can further comprise workflowcomponents which contain a series of instructions such as written in asubset of ECMAScript, and can be embedded in the XML code in someimplementations. Therefore, since the applications arecompartmentalized, a common application can be written for multipledevices by providing corresponding presentation components withouthaving to rewrite the other components. Further, large portions of theresponsibility of typical applications are transferred to the runtimeenvironment for component application. Details of the componentapplications are further described below.

The wireless devices 102 are in communication with the applicationgateway 106 via the communication network 104. Accordingly, thecommunication network 104 may include several components such as awireless network 110, a relay 112, a corporate server 114 and/or amobile data server (MDS) 116 for relaying data between the wirelessdevices 102 and the application gateway 106.

The application gateway 106 comprises a gateway server 118 aprovisioning server 120 and a discovery server 122. The gateway server118 acts as a message broker between the runtime environment on thewireless devices 102 and the back-end services 108. The gateway server118 is in communication with both the provisioning server 120 and thediscovery server 122. The gateway server 110 is further in communicationwith a plurality of the back-end services 108, such as Web services 108a, database services 108 b, as well as other enterprise services 108 c,via a suitable link. For example, the gateway server 118 is connectedwith the Web services 108 a and database services 108 b via SimpleObject Access Protocol (SOAP) and Java Database Connectivity (JDBC)respectively. Other types of back-end services 108 and theircorresponding links can be connected to the gateway server 118.

Preferably, each wireless device 102 is initially provisioned with aservice book or IT policy facility to establish various protocols andsettings, including connectivity information for the corporate server114 and/or the mobile data server 116. These parameters may include auniform resource locator (URL) for the application gateway server 118 aswell as its encryption key. Alternatively, if the wireless device 102 isnot initially provisioned with the URL and encryption key, they may bepushed to the wireless device 102 via the mobile data server 116. Themobile device 102 can then connect with the application gateway 106 viathe URL of the application gateway server 118.

Referring to FIG. 2 there is illustrated in a flow diagram an example ofa wireless component application communication model 150. From ahigh-level perspective, the overall wireless component applicationinfrastructure 150 includes a wireless component application runtimeenvironment (device RE) running on the device 102 and a wirelesscomponent application gateway (AG) 106 running on the server 118.

The AG 106 serves as a mediator between a wireless component application(sometimes referred to as application in this disclosure) executed bythe RE and one or more back-end services 108 with which the applicationcommunicates. Often the back-end service is expected to be a Web service108 a using SOAP over HTTP or HTTPS as the transport protocol. As Webservices are the most commonly expected back-end service 108, the termWeb service is used interchangeable with back-end service 108 throughoutthis disclosure. However, it is appreciated that other types of back-endservices can also be adapted to the disclosure. FIG. 2 exemplifies asynchronous link with a back-end service 108. However, it should beappreciated that the AG 106 can be in communication with back-endservices 108 over asynchronous links.

The wireless component application communication model 150 is based uponan asynchronous messaging paradigm. In this model the applicationgateway (AG) 106 establishes and mediates the connection between thedevice 102 and the back-end service(s) 108 to:

-   -   1. Achieve greater flexibility in resource management.    -   2. Provide reliable communication link between device 102 and        back-end service 108 to handle situations when wireless coverage        is unstable.    -   3. Efficiently distribute workload between device RE 102 and AG        106.

Referring to FIG. 3, a more detailed view of an example of theapplication gateway 106 is shown. The application gateway server 118includes three layers of service; a base services layer 202, anapplication gateway services layer 204 and an application services layer206. The application gateway server 118 further includes anadministration service 208.

A provisioning service 210 and a discovery service 212 are provided bythe provisioning server 120 and discovery server 120, respectively.

At the lowest level, the base services layer 202 offers basic,domain-independent system services to other components in higher levels.Thus, for example, all subsystems in the application gateway serviceslayer 204 and the application services layer 206 can utilize andcollaborate with the subsystems in the base services layer 202. In thepresent embodiment, the base services layer 202 includes a utilitiessubsystem 210, a security subsystem 212, a configuration subsystem 214,and a logging subsystem 216.

The application gateway services layer 204 provides wireless componentapplication domain-specific services. These services provide efficientmessage transformation and delivery to back-end services 108 and providewireless device 102 and component application lifecycle management. Inthe present embodiment, the application gateway services layer 204includes a lifecycle subsystem 220, a connector subsystem 222, amessaging subsystem 224, and a transformation subsystem 226.

The application services layer 206 sits at the top of the architectureand provides external program interfaces and user interfaces usingsubsystems provided by the lower layers. For example, variousapplications such as a service provider lifecycle application, apackaging application and a message listening application provideexternal program interfaces since they communicate primarily withapplications on external systems. Similarly, an administrationapplication provides a user interface by providing a user with theability to access and potentially modify application gateway data and/orparameters.

The administration service 208 is responsible for administrative systemmessages, administration of the wireless devices 102, runtimeadministration of the application gateway subsystems, support anddisplay system diagnostics, and administration of defaultimplementations of the provisioning and discovery services.

The messaging listening application (or messaging listeners 232)provides an interface for receiving messages from the wireless devices102 as well as external sources and forwarding them to the messagingsubsystem. Further, the message listening application 232 typicallyauthenticates that the source of the message is valid.

Referring to FIG. 4, an example of the message listening application 232is shown in greater detail. The message listening application 232includes three listeners: a notification listener 302, a compact messagelistener 304, and a mobile data service acknowledgement listener 306.The notification listener 302 receives notification and responsemessages from event sources 108 c via a notification interface 303.Other message listener interfaces may be added.

In one embodiment, the notification interface 303 may be implementedusing Web Service (WS) Eventing. Web services often want to receivemessages when events occur in other services, such as the event sources,and applications. A mechanism for registering interest is provided inthe art by WS Subscription. WS Subscription defines a protocol for oneWeb service, referred to as a subscriber, to register interest withanother Web service, referred to as an event source, for receivingmessages about events, referred to as notifications. When the eventsource notifies the subscriber of an event, it is referred to as WSEventing.

The compact message listener 304 receives messages from the mobiledevices 102 via a compact message interface 305. The mobile data serviceacknowledgment listener 306 receives and acknowledges notifications fromthe mobile data service 116 via a mobile data service interface 307.Each of the three listeners 302, 304 and 306 receive administrativemessages from the administration service 208 via a listeneradministrative interface 309.

In the present embodiment the listener interfaces 303, 305, 307, and 309are configured using Hypertext Transfer Protocol/Hypertext TransferProtocol over Secure Socket Layer (HTTP/HTTPS). However, these protocolshave been selected as a design choice, and other protocols may be usedwhen desired. Accordingly, external systems transmit a HTTP/HTTPSrequest, which is received by the appropriate listener. The listenertakes the message, makes minimal transformations, and forwards it to themessaging subsystem 224. The transformations include copying HTTP headerinformation into message object fields. For example, the HTTP headerinformation may identify the mobile data service 116 and wireless device102 from which the message originated.

As previously described, the message listening application authenticatesthat the source of the message, be it the mobile data service 116, thewireless device 102 or event source 108, is valid.

Further, if reliable messaging is required, service availability isensured and the listeners deal with solutions to availability attacks.In order to facilitate this, the messaging subsystem defines a thresholdfor a maximum number of messages and connections for a given time periodfrom any back-end service 108, component application or wireless device.The administrator can modify this threshold as desired, as well as allowfor specific exceptions via the administration service 208.

Further, since message interception and replay attack is possible, thelisteners detect and prohibit this attack using mechanisms that identifyreplayed messages. These mechanisms typically include the use of anonce. A nonce is defined as parameter that varies with time. A noncecan be a timestamp or other special marker intended to limit or preventthe unauthorized replay or reproduction of a message. Because a noncechanges with time, it can be used to determine whether or not a messageis original, or a replay or reproduction of the original message. Theuse of a nonce for preventing interception and replay attacks is knownin the art and need not be described in detail, as standardimplementations are utilized.

Further, other technologies, such as sequencing, can also be used toprevent replay of application messages in addition to, or in lieu of,the time timestamp technique. Once again, such techniques are known inthe art and need not be described in detail, as standard implementationsare utilized.

Referring to FIG. 5, an example of the lifecycle subsystem 220 is shownin greater detail. The lifecycle subsystem includes a lifecycle service402 and a device depot 404.

The lifecycle service 402 processes device initiated messages thatrelate to the wireless device 104, the runtime environment lifecycle andthe component application lifecycle. Such messages, for example, mayrelate to a wireless device registration or suspension, wireless deviceswap, wireless device availability, a component applicationinstallation, upgrade, or deletion, and runtime environment upgrades.These messages are communicated to and from the connector subsystem 222via a device system message processing interface 403.

The lifecycle service 402 further provides the ability to query forwireless devices and component application using various filters. Inorder to facilitate this feature, the lifecycle service 402 communicateswith the messaging subsystem 224 and the administration subsystem 208via a device information query/update interface 405. In the presentembodiment, the device information query/update interface 405 isimplemented using a set of Java application program interfaces (APIs)for querying and updating device information. Typical interfaces includethose for managing the wireless device's security and clientadministration policy.

The lifecycle subsystem 220 manages a security profile for each wirelessdevice 104 registered with the application gateway 106 in the devicedepot 404. Each security profile includes a secure symmetric key foreach device. This key is used for secure communication between thewireless device 104 and application gateway 106.

The client administration policy includes retrieving wireless devicestatus, searching for component applications satisfying certainmodifiable criteria, and searching for devices satisfying certainmodifiable criteria. For example, it may be desirable to determine whichcomponent applications are installed on all the wireless devices orwhich wireless devices have specific component applications installed.

Yet further, a lifecycle administration interface 407 is provided forfacilitating the management of the lifecycle subsystem 402 and thedevice depot 404 by the administration subsystem 208. For example, theadministration subsystem can indicate the availability of a new versionof a component application or the runtime environment.

Accordingly, the lifecycle service 402 manages the status of each of aplurality of assigned wireless devices 102, including the runtimeenvironment and component applications stored therein. Information suchas the runtime environment, component application status, and thewireless device security settings are stored in the device depot 404.The security settings may include, for example, client administrationpolicy and the wireless device's encryption key.

The application gateway server 118 also allows for the use of thirdparty lifecycle components, also referred to as lifecycle serviceproviders, which are typically external to the application gateway 106.In order to facilitate lifecycle service providers, lifecycle serviceprovider listeners are provided at the application services layer. Thelifecycle service provider listeners are responsible for receivingnotification on all lifecycle system messages from the lifecycle serviceproviders and transmitting them to the administration subsystem 208 forprocessing. Further, the lifecycle service providers can access theadministration service to configure the application gateway server 118or send system messages.

The administration subsystem 208 administers system messages, systemdevices, application gateway subsystems, system diagnostics, and defaultimplementations of the provisioning and discovery services. Referring toFIG. 6, a more detailed view of an example of the administrationsubsystem 208 is shown. The administration subsystem 208 includes anadministration service 502, an administration console 504 andadministration applications 506. The administration applications 506include a Java Management Extension (JMX) application 508 and a Webservice application 510.

A browser interface 505 couples an administrator with the administratorconsole 502 for administrating the application gateway 106. Anadministrator interface 503 couples the administration service 502 withthe messaging subsystem 224 for delivering administrative systemmessages. The administration applications 506 are coupled to theirrespective third party administrative applications via an appropriateinterface. For example, the JMX application 508 is coupled via a JMXinterface 509 and the Web service application 510 is coupled via a Webservice interface 511.

The administration service 502 processes component application andruntime environment lifecycle events initiated by the administrator orthe lifecycle service providers through the lifecycle administrationinterface. Examples of such events include installing a componentapplication using push provisioning, refreshing the encryption key,upgrading the component application or runtime components, removingcomponent applications, quarantining component applications and removingcomponent applications from quarantine, applying component applicationcleanup script, querying the runtime environment for a status update,and updating the client administration policy.

The administration service 502 is also responsible for administration ofthe wireless devices 104. Accordingly, the administration service 502 iscapable of responding to wireless device registration system messagesand maintaining wireless device settings such as the security key,mobile data service URL, runtime version and status. The administrationservice 502 further supports the ability to list devices in accordancewith predefined filter characteristics, such as by querying a device forits component application and runtime environment settings and queryingfor component applications on specific devices.

The administration service 502 also provides the administrator with theability to access application gateway subsystems runtime information andsettings, per cluster node if applicable, and perform system-relatedtasks. Such tasks include viewing the message subsystem 224 runtimeinformation, including message information per wireless device 12 andper component application, as well as the number of messages in queue,and a snapshot of the number of pooled objects of specific type. Theadministrator is able to modify specific settings at runtime as well asdelete or reschedule expired messages.

Other information and settings provided by the administration service502 include the following. The application gateway subsystem parametersare available for modification. Therefore, for example, theadministrator can enable and disable various features at runtime.Database settings can be configured for a centralized applicationgateway database. This database may include all of the subsystem depots.The application gateway URLs can be configured to be accessible toexternal systems. For example, a URL may be assigned to theadministration application 506 to allow access by third parties. Also aURL may be assigned to the packaging application to allow access by theprovisioning service.

The administration service 502 may also store discovery servicecredentials, service provider credentials, mobile data serviceparameters and security parameters. The discovery service credentialscan be used to authenticate the discovery service upon receiving anotification message that a component application is available.Similarly, service provider credentials, including its URL, can be usedto authenticate a service provider upon receiving component applicationor runtime environment lifecycle messages. Mobile data serviceparameters can be used to connect the administrator to the mobile dataservice and include its IP address, user identification and password.The application gateway security parameters and settings, such as theapplication gateway public and private key and key refreshing policy,are used for encrypting communication between the application gatewayand external applications.

The administration service 502 is also used for registering additionalsubsystems such as custom connectors and lifecycle listeners, forexample.

The Web service application 510 uses Web services for directing serviceprovider-initiated system messages to the administration service 502 forprocessing and delivery to device, if required.

Similarly, the JMX application 508 directs service provider-initiatedsystem messages to the administration service 502 for processing anddelivery to device, if required. However, the JMX interface 509 is anopen interface that any management system vendor can leverage. Theadministration infrastructure is based on JMX technology, which is anopen technology for system management and monitoring. Each managementsystem implements a set of Mbeans objects in order to be configurable.These objects must be registered with an MbeanServer running in theprocess space of the object, in accordance with JMX specification.

Since the application gateway 106 can potentially run in a distributedenvironment, that is some subsystems may run on different applicationservers, then each application server needs to have its ownimplementation of the MbeanServer. Further, each subsystem needs to beconfigured using a separate Administration Console provided by thecorresponding application server, or using third party console thatknows how to access the functionality provided by MbeanServer.

A runtime environment framework container is a client-resident containerwithin which applications are executed on a device. The containermanages the application lifecycle on the device (provisioning,execution, deletion, etc.) and is responsible for translating themetadata (XML) representing an application into an efficient executableform on a device. The container provides a set of services to theapplication, as well as providing support for optional JavaScript. Theseservices include support for UI control, data persistence andasynchronous client-server messaging, etc.

FIG. 7 shows an example of a runtime environment framework 600. Theruntime environment framework 600 comprises an application servicesmodule 602, an administration module 604, a provisioning and lifecyclemanagement (PLM) services module 606, a messaging module 608, and a baseservices module 610. Components may be removed or added to the runtimeenvironment framework 600. The runtime environment framework 600communicates with a wireless component application daemon 612.

The application services module 602 includes a screen service 614 forproviding an interface between currently running applications and auser, an interpreter service 616 for providing an execution environmentfor the applications, a metadata service 618 for handling and mediatingapplication metadata related access, and an access service 620 forallowing applications to access other applications on the device 102.

The administration module 604 includes a control center 622 for handlinga user interface of the wireless component application runtimeenvironment framework 600, processing user interaction with the wirelesscomponent application runtime environment framework 600, and forintegrating the wireless component application runtime environmentframework 600 with the network system 100.

The PLM services module 606 includes a RE container 624 for coordinatingRE container upgrades and backup/restore processes and for implementinga default error handling mechanism for the RE framework 600, a discoveryservice module 626 for locating applications in an applicationrepository, a provisioning service 628 for application provisioning(including application downloads, installation and upgrades), and alifecycle service 630 for registering, maintaining information for, andadministrating applications.

The messaging module 608 includes a messaging service module 632 formessage queuing, message (de)compacting, and message distribution.

The base services module 610 includes a persistence service 634 forstoring a RE profile (including its version, directory, clientadministration policy, application administration policies, securitykeys, available upgrades, etc.), storing an application profile(including its version, metadata, application persistence datacomponents, application persistable global data and applicationresource, available upgrades, etc.), and storing reliable messages(including outgoing messages pending delivery due to out of coverage,and incoming reliable messages pending processing). The base servicesmodule 610 also includes a security service 636 for restricting accessto RE services, providing message authentication, integrity, andencryption. The base services module 610 also includes a communicationservice 638 for sending and receiving messages in and out of the device102, downloading resources and files from appropriate repositories, andnotifying interested RE services about wireless coverage events.

The wireless component application daemon module 612 includes a daemon640 for restarting the wireless component application process wheneverit stops due to a fatal exception.

FIG. 8 shows in a component diagram an example of a device-to-serverregistration environment 700, in accordance with an embodiment of thepresent patent disclosure. The device-to-server registration environmentcomprises a wireless device (WD) 102, a mediator service (MS) 702 forliaising the WD 102 with a back-end service 108. The back-end servicecan be a Web service, data repository, enterprise application or anyother type of information or functionality providing service. Thewireless device 102 comprises a device administration service 706, and adevice-to-server registration module 751 for registering the WD 102 withthe mediator service 702. Preferably, the device-to-server registrationmodule 751 is implemented in a container application. The mediatorservice 702 comprises a device registration module 704 for registeringthe WD 102 to the mediator service 702. The device-to-serverregistration module 751 and the device registration module 704 can beconsidered as a device-to-server registration system 750.

The registration process is between the WD 102 and the MS 702.Preferably, the back-end service 108 is not aware of the WD 102, i.e.,the WD 102 is registered with the MS 702, in one example, the MS 702being the application gateway 106. Preferably, the mediator service 702is implemented in the application gateway 106, and the mediator service702 is implemented in the application gateway server 118.

FIG. 9 shows in a component diagram an example of a device-to-serverregistration module 751, in accordance with an embodiment of the presentpatent disclosure. The device-to-server registration module 751comprises an administration interface module 752 for communicating withthe device administration service 706, and a mediator service interfacemodule 754 for communicating with the device registration module 704.Other components may be added to the device-to-server registrationmodule 751, including a security service layer. The device-to-serverregistration module 751 uses the security service to generate the WDsecurity key (if required) and to handle the synchronous securityhandshake that kicks-off the registration sequence. The security servicereceives the MS security keys (if required) as part of the handshakeresponse and provides it to the rest of the runtime environment.

Communicating with the administration service interface module 752, thedevice administrator provides configuration information to the WD, atany time over-the-air (OTA) or over the wire. A central containerapplication (holding the device-to-server registration module 751) ofthe WD 102 retrieves this information and initiates a security handshakewith the MS 702, possibly exchanging security keys (whether this is doneor not depends on the MS setup). Preferably, only the security keys aresent at this time so that they may be used to encrypt any furthermessages. When the MS 702 responds that the handshake succeeded, thecentral container application sends a status message providing requiredinformation regarding the current state of the central containerapplication. Once the MS 702 receives this information, it sendsadministrative information to the central container application to beused as the context for the operation of the system between the centralcontainer application and this particular MS 702. At this point theregistration process is complete.

Advantageously, the central container application on the WD 102registers with the MS 702. In this way, there is only the need for aone-time handshake with the MS 702, performed by the central containerapplication. Individual applications requiring access through the MS 702do not need to be configured and do not need to perform their ownhandshake/registration process.

Another advantage of the device-to-server registration system 750 isthat information required to perform the registration is provided by thedevice's administrator and not by the user. Thus, the MS 702 does nothave any initial information for this WD 102. The administrator providesthis information in the device configuration, and the device-to-serverregistration system 750 retrieves this information and initiates theregistration.

Another advantage of the device-to-server registration system 750 isthat the information provided by the administrator may be updated at anytime, over-the-air (OTA) or over a wired connection. The containerapplication is automatically notified that the information may havechanged. The container then may perform another registration process, ifrequired. This could result in container application being registeredwith a different MS, or to be connected to a different communicationport on the same MS 702.

Another advantage of the container application is that having a centralcontainer application managing all applications on the device, and beingresponsible for the registration process, simplifies session managementfor the MS 702. The MS administrator may manage the session/WD as awhole for system management functions not suitably applied on aper-application basis. Further, this registration process removes theneed for any pre-configured information on the MS 702, not only for theWD 102, but for all applications on the WD 102 requiring access throughthe MS 702.

FIG. 10 shows in a flowchart an example of a method of device-to-serverregistration (800) for registering a WD 102 with a mediator service 702,in accordance with an embodiment of the device-to-server registrationsystem 750. The method (800) comprises the steps of communicating withthe device administration module 706 to obtain the status of thecontainer application (802), and communicating with the deviceregistration module 704 (804).

FIG. 11 shows in a flowchart a more detailed example of the method ofdevice-to-server registration (850), in accordance with an embodiment ofthe device-to-server registration system 750. The step of communicatingwith (802) includes the step of obtaining configuration informationregarding the MS 702 (852). The step of communicating with the deviceregistration module 704 (804) includes the steps of initiating asecurity handshake with the MS 704 (854), receiving confirmation thatthe handshake succeeded (856), sending information regarding the stateof the WD to the MS (858), and receiving administrative information fromthe MS to be used as the context for the operation of a system betweenthe WD (and container application) and the MS (860). Other steps may beadded to the method (850). The administrative information from the MSmay also include information used as the context for the operation ofthe container application with the WD itself, and also informationrelated to the operation between individual applications and the WDitself.

Advantageously, the initiation of the WD 102 to MS 702 process ispossible at any time, and over-the-air (OTA). This means that the systemadministrator (SA) can initiate the registration process without havingaccess to the WD 102. This initiation process also gives the SA theability to change which MS 702 the WD 102 is registered with or tode-register the WD 102 altogether (i.e., disable the service on the WD).

FIG. 12 shows a diagrammatic representation of an implementation 900 ofthe device-to-service registration system 750 described above, in ageneral default MS 702 case. The implementation 900 shows anadministrative service 622 providing configuration information 902 to acontainer application or device-to-server registration module 751 of aWD 102. The information can be stored in internal configuration storage904 of the WD 102. Preferably, the configuration information is part ofsome external facility used to give the WD information, and thisexternal facility is stored on the device as part of its normalfunction. When the container application is notified that thisinformation has arrived, the container application retrieves it, uses itto start the registration process, and stores it internally in order torestart the registration process in case of unexpected errors, in orderto compare to new configuration information to determine whether tostart a new registration process or not, or for any other actiondesirable for the overall system functionality. The device-to-serverregistration module 751 initiates a handshake and key exchange with adevice registration module 704 of a MS 702. Identification informationof the WD 102 is stored in the device registration module 704. If thehandshake succeeded, the status of the WD 102 is sent from thedevice-to-server registration module 751 to the device registrationmodule 704 where the information is used to update the WD 102 statusinformation in the MS 702. Administrative information is sent from thedevice registration module 704 to the device-to-server registrationmodule 751.

It is possible for a specific application on the WD 102 to communicatewith a separate MS 702 dedicated for use with this particularapplication, rather than the default one with which the containerapplication (or device-to-server registration module 751) is registered.An abbreviated registration process is used in this situation. Theconfiguration information received by the WD 102 as a whole is not usedsince it is not the address information for the dedicated MS 702.Preferably, the information to address and connect to the dedicated MSis in the deployment descriptor, the bundle of information describingthe particular application hosted in the container application, which isused to install the application on the WD 102. This information may beretrieved or accessed in other ways.

Once the application is installed, the container application (ordevice-to-server registration module 751) notes that the applicationwishes to use a dedicated MS 702, so it initiates the same securityhandshake procedure as the main registration process does, except withthe dedicated MS 702. As opposed to the default MS 702 registrationprocess, this is all that is required for the dedicated MS situation..Advantageously, the device status and administrative information are notrequired for the functioning of a specific application with itsdedicated MS 702. Preferably, any messages to the SP for thisapplication are rerouted through the dedicated MS 702 by the containerapplication 751 using the dedicated MS 702 address provided in thedeployment descriptor, and using the security keys generated by thehandshake with the dedicated MS 702.

FIG. 13 shows a diagrammatic representation of another implementation950 of the device-to-service registration system 750 described above, ina dedicated MS 702 case. The implementation 950 shows an applicationrepository 952 providing application information 954 (or deploymentdescriptor from discovery) to a container application ordevice-to-server registration module 751 of a WD 102. The applicationinformation 902 contains information regarding a MS 702. Thedevice-to-server registration module 751 initiates a handshake and keyexchange with a device registration module 704 of a MS 702.Identification information of the WD 102 is recorded in the deviceregistration module 704.

The systems and methods according to the present patent disclosure maybe implemented by any hardware, software or a combination of hardwareand software having the above described functions. The software code,either in its entirety or a part thereof, may be stored in acomputer-readable memory. Further, a computer data signal representingthe software code which may be embedded in a carrier wave may betransmitted via a communication network. Such a computer-readable memoryand a computer data signal are also within the scope of the presentpatent disclosure, as well as the hardware, software and the combinationthereof.

While particular embodiments of the present patent disclosure have beenshown and described, changes and modifications may be made to suchembodiments without departing from the true scope of the patentdisclosure.

1. A device-to-server registration system for registering a wirelessdevice with a mediator service responsible for allowing the wirelessdevice to communicate with a back-end service, the device-to-serverregistration system comprising: a device-to-server registration modulefor communicating with a device administration service of the wirelessdevice; and a device registration module of a mediator service forregistering a wireless device with the mediator service, the deviceregistration module communicating with the device-to-server registrationmodule.
 2. The device-to-server registration system as claimed in claim1, wherein the back-end service is a Web service.
 3. Thedevice-to-server registration system as claimed in claim 1, wherein theback-end service is a data repository.
 4. The device-to-serverregistration system as claimed in claim 1, wherein the back-end serviceis an enterprise application.
 5. The device-to-server registrationsystem as claimed in claim 1, wherein the device-to-server registrationmodule includes: a device administration service interface module forcommunicating with the device administration service; and a mediatorservice interface module for communicating with the device registrationmodule.
 6. The device-to-server registration system as claimed in claim1, further comprising a security service for managing securecommunication between the mediator service and the wireless device. 7.The device-to-server registration system as claimed in claim 1, whereina particular application on the wireless device is registered to aparticular mediator service.
 8. A method of device-to-serverregistration for registering a wireless device with a mediator service,the method comprising the steps of: communicating with a deviceadministration service of a wireless device to obtain informationpertaining to the mediator service; and communicating with a deviceregistration module of the mediator service to register with themediator service.
 9. The method as claimed in claim 8, wherein the stepof communicating with the device administration service includes thestep of obtaining configuration information regarding a containerapplication.
 10. The method as claimed in claim 8, wherein the step ofcommunicating with the device registration module includes the steps of:initiating a security handshake with the mediator service; receivingconfirmation that the handshake succeeded; sending information regardingthe state of the wireless device to the mediator service; and receivingadministrative information from the mediator service to be used ascontext for the operation of a system between the wireless device andthe mediator service.
 11. A computer-readable medium storinginstructions or statements for use in the execution in a computer of amethod of device-to-server registration for registering a wirelessdevice with a mediator service, the method comprising the steps of:communicating with a device administration service of a wireless deviceto obtain information pertaining to the mediator service; andcommunicating with a device registration module of the mediator serviceto register with the mediator service.
 12. A propagated signal carriercarrying signals containing computer-executable instructions that can beread and executed by a computer, the computer-executable instructionsbeing used to execute a method of device-to-server registration forregistering a wireless device with a mediator service, the methodcomprising the steps of: communicating with a device administrationservice of a wireless device to obtain information pertaining to themediator service; and communicating with a device registration module ofthe mediator service to register with the mediator service.